Prerequisite: the Apache service must already be installed on the Linux host (yum install httpd).
1. Check for and install SSL (the package name is mod_ssl)
[root@localhost ~]# rpm -qi mod_ssl
package mod_ssl is not installed
[root@localhost yum.repos.d]# yum install mod_ssl
Loaded plugins: rhnplugin, security
This system is not registered with RHN.
RHN support will be disabled.
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.i386 1:2.2.3-31.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
====================================================================================================================================
Package Arch Version Repository Size
====================================================================================================================================
Installing:
mod_ssl i386 1:2.2.3-31.el5 file 88 k
Transaction Summary
====================================================================================================================================
Install 1 Package(s)
Update 0 Package(s)
Remove 0 Package(s)
Total download size: 88 k
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : mod_ssl 1/1
Installed:
mod_ssl.i386 1:2.2.3-31.el5
Complete!
2. Manually create the key and certificate
[root@localhost yum.repos.d]# cd /etc/pki/tls/certs/
[root@localhost certs]# pwd
/etc/pki/tls/certs
[root@localhost certs]# make auth.key (creates an SSL private key named auth)
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > auth.key
Generating RSA private key, 1024 bit long modulus
.....................................++++++
............................++++++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
[root@localhost certs]# make auth.crt (creates a certificate named auth)
umask 77 ; \
/usr/bin/openssl req -new -key auth.key -x509 -days 365 -out auth.crt -set_serial 0
Enter pass phrase for auth.key: (enter the private key passphrase set above)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CN (country)
State or Province Name (full name) [Berkshire]:liaoning (region)
Locality Name (eg, city) [Newbury]:dalian (city)
Organization Name (eg, company) [My Company Ltd]:IBM (organization name)
Organizational Unit Name (eg, section) []:IBM (full name)
Common Name (eg, your name or your server's hostname) []: (common name)
Email Address []: (email)
3. Edit the configuration file
[root@localhost certs]# cp auth.key /etc/pki/tls/private/ (copy the private key into place)
[root@localhost certs]# vi /etc/httpd/conf.d/ssl.conf
Change lines 112 and 119:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
====> SSLCertificateFile /etc/pki/tls/certs/auth.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
====> SSLCertificateKeyFile /etc/pki/tls/private/auth.key
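A check worth running before restarting httpd with the new paths, as an added example that is not part of the original article: it confirms that a certificate and private key belong together and that the RSA key meets a minimum size. The function name check_pair, its return codes and the 2048-bit default are assumptions of this example, and the demo files are constructed throwaways; with that default, the 1024-bit key size used in step 2 is reported as too small.

```shell
#!/bin/bash
# Added example: sanity-check a certificate/key pair before pointing
# ssl.conf at it. Return codes (chosen for this example):
#   0 = OK, 1 = key does not match certificate,
#   2 = key shorter than min_bits, 3 = file unreadable or unparsable.
check_pair() {
    local cert="$1" key="$2" min_bits="${3:-2048}" cert_pub key_pub bits
    # Public key embedded in the certificate
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    # Public key derived from the private key (prompts if the key is encrypted)
    key_pub=$(openssl pkey -in "$key" -pubout) || return 3
    [ "$cert_pub" = "$key_pub" ] || return 1
    # Key size as printed by "openssl x509 -text", e.g. "Public-Key: (2048 bit)"
    bits=$(openssl x509 -in "$cert" -noout -text |
           sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p')
    [ -n "$bits" ] && [ "$bits" -ge "$min_bits" ] || return 2
    return 0
}

# Demo on throwaway, constructed files (not the article's auth.key/auth.crt)
demo=$(mktemp -d)
mkpair() {  # mkpair <name> <bits>: unencrypted RSA key + self-signed cert
    openssl genrsa -out "$demo/$1.key" "$2" 2>/dev/null
    openssl req -new -x509 -key "$demo/$1.key" -days 365 \
        -subj "/CN=localhost" -out "$demo/$1.crt" 2>/dev/null
}
mkpair good 2048
mkpair weak 1024
check_pair "$demo/good.crt" "$demo/good.key"; echo "good pair: $?"
check_pair "$demo/good.crt" "$demo/weak.key"; echo "mismatched: $?"
check_pair "$demo/weak.crt" "$demo/weak.key"; echo "1024-bit: $?"
```

For the files from this walkthrough, call check_pair /etc/pki/tls/certs/auth.crt /etc/pki/tls/private/auth.key; the passphrase-protected key from step 2 will prompt for its passphrase.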